Re: [openpgp] [PATCH] RFC4880bis: Argon2i

Nils Durner <ndurner@googlemail.com> Tue, 03 November 2015 21:19 UTC

Return-Path: <ndurner@googlemail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 373721A90DD for <openpgp@ietfa.amsl.com>; Tue, 3 Nov 2015 13:19:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vw7-xd1XWM4Q for <openpgp@ietfa.amsl.com>; Tue, 3 Nov 2015 13:19:19 -0800 (PST)
Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A44F1A89F9 for <openpgp@ietf.org>; Tue, 3 Nov 2015 13:19:19 -0800 (PST)
Received: by wmll128 with SMTP id l128so98375787wml.0 for <openpgp@ietf.org>; Tue, 03 Nov 2015 13:19:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=subject:references:from:cc:to:message-id:date:user-agent :mime-version:in-reply-to:content-type:content-transfer-encoding; bh=lrESSCU6NW5Ydu2rXyq+E//0uHBBbgL1jKcuaxAiOcM=; b=M5C07Wtie+KXDJEEPHT01mBv5lvvOXGJrbOzOfULJ6OhlHny+lEGmqtXVZ5VhicGPz X0YHBCylY3pR8f/ne4+iVt8L0ljX6cMjFUuV4PqCsCFHAKpMD+d2gpWFP0Dds66oijvF 40cOEi9a2L8Q89NPMZjnChR6dfidUWi8pHVEahsd+yBuJzYSYbL5vGXm3JVfKLA/CVuP XoGtNcM9Dm88yJyB1JGnvkzEvJA0kDW9AfmMlRpdYAFvqhUKhFZBeU0UOnraE0bSWbZV CipAWxMd78rFlgra54qkxOTBUekjEeVmzpLMoF2FeZ066ktjlGfMhVnzFqgH1CQWt1Yt oOoA==
X-Received: by 10.28.22.203 with SMTP id 194mr20140493wmw.45.1446585557833; Tue, 03 Nov 2015 13:19:17 -0800 (PST)
Received: from [192.168.188.46] (x4db00818.dyn.telefonica.de. [77.176.8.24]) by smtp.googlemail.com with ESMTPSA id l131sm25263819wmd.14.2015.11.03.13.19.16 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 03 Nov 2015 13:19:17 -0800 (PST)
References: <5623AA95.4060903@googlemail.com> <874mh3q3ol.fsf@alice.fifthhorseman.net> <56382F70.5000501@iang.org> <56385A38.6000707@googlemail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B51C09@uxcn10-5.UoA.auckland.ac.nz>
From: Nils Durner <ndurner@googlemail.com>
X-Enigmail-Draft-Status: N1110
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Message-ID: <563924D5.6020407@googlemail.com>
Date: Tue, 3 Nov 2015 22:19:17 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4B51C09@uxcn10-5.UoA.auckland.ac.nz>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/rPn4YB25R1PU1bOZe100ms-Q-dE>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
Subject: Re: [openpgp] [PATCH] RFC4880bis: Argon2i
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2015 21:19:21 -0000

Hi Peter,

>> We can of course raise the bar by excluding types 1 & 3 entirely.
> 1 and 3?  I assume you mean 0 and 1, with 2 being unused anyway.

I meant 0, 1, 3 - thus only allowing to generate (the new Argon2i-based)
4. Sorry for the confusion.

> There should
> really only be a 3, a straight hash or salted hash is barely better than just
> using the password directly.

That is certainly one of the safest options for actual passwords, but
gets in the way of symmetric keys (cheaply) being used as passphrases.
Are you content with rather limiting the permitted use case for type 1
(and not allowing type 0) as per my previous mail in response to Werner
(and pushed to
https://gitlab.com/ndurner/rfc4880bis-s2k/blob/master/misc/id/rfc4880bis/middle.mkd)?


Regards,

Nils